| CPC G06F 21/54 (2013.01) [G06F 9/3806 (2013.01); G06F 13/1673 (2013.01); G06F 21/554 (2013.01); G06F 21/79 (2013.01)] | 15 Claims |
|
1. A processor arrangement, comprising:
a processor under observation (PUO), comprising:
processing circuitry configured to execute an application program code stored in a processor memory and to provide application output data via an output interface and, in executing the application program code, to execute or not execute instructions in accordance with an execution pattern depending on the executed application program code; and
observation circuitry that is connected to the processing circuitry and configured to monitor execution of the application program code by the processing circuitry and to provide execution information indicative of the execution pattern associated with the execution of the application program code by the PUO;
cybersecurity-monitoring circuitry for observing the PUO, which is physically separated from the PUO, and inaccessible by the PUO when executing the application program code, the cybersecurity-monitoring circuitry comprising:
an observation input interface for receiving the execution information;
a memory configured to store pre-generated execution pattern information indicative of an expected execution pattern associated with an uncompromised version of the application program code executed by the PUO; and
execution-monitoring circuitry, which is configured to:
perform a comparison between the received execution information and the pre-generated execution pattern information,
detect, using a predetermined execution-anomaly criterion defining at least one undesired deviation of the received execution information from the pre-generated execution pattern information, an execution anomaly in the received execution information, and
provide a monitoring output signal indicative of the detected execution anomaly; and
a controllable latency-output-buffer, which is also physically separated from the PUO, and inaccessible by the PUO when executing the application program code, and comprises a buffer memory and which receives at least a part of the application output data of the PUO and the monitoring output signal, and which is configured to:
temporarily store the received application output data in the buffer memory for a pre-determined latency time span;
output the temporarily stored application output data from the buffer memory at the end of the latency-time span, if no monitoring output signal indicative of the detected execution anomaly has been received during the latency time span; and
to block at least a part of the output from the buffer memory as soon as the monitoring output signal indicative of the detected execution anomaly has been received.
|